On Tue, Feb 28, 2012 at 8:55 PM, Scott Leibrand <scottleibrand at gmail.com> wrote:
> On Tue, Feb 28, 2012 at 5:21 PM, William Herrin <bill at herrin.us> wrote:
>>
>> On Tue, Feb 28, 2012 at 6:38 PM, Chris Grundemann <cgrundemann at gmail.com> wrote:
>> > FYI: The intent of adding the reverse DNS hook was twofold. First, as
>> > you very correctly observe, it should help grab attention when needed
>> > as an intermediate step before revoking resources, kind of a last
>> > chance mechanism. The other intent is to grab attention when
>> > revocation is too extreme, such as a failure to register downstream
>> > delegations in WHOIS. As a community, we have identified time and
>> > again the need for an accurate WHOIS. This "penny ante" mechanism may
>> > help ARIN to ensure that the WHOIS database is as accurate and
>> > complete as possible.
>>
>> Hi Chris,
>>
>> I can't think of a single hypothetical case in which revocation is too
>> extreme but canceling RDNS is an appropriate punishment.
>>
>> WHOIS isn't up to snuff? Not taking ARIN's complaints seriously? Issue
>> a revocation with the policy 6-months to renumber out of the block. If
>> WHOIS magically improves and they pay ARIN's auditing costs so that
>> the rest of us don't get burned by the bad behavior, then clearly
>> there's no further need to complete the revocation.
>>
>> I'm okay with RDNS revocation as a last ditch "we couldn't get in
>> touch with you any other way" measure, but that use isn't punitive. As
>> a punitive measure, RDNS revocation is, frankly, beneath ARIN's
>> dignity.
>
> Not sure if a non-profit has dignity, but otherwise I would tend to agree
> with Bill here. I'm uncomfortable *requiring* ARIN to stop providing
> reverse DNS services. If we want to give ARIN permission to do so, fine.
> (I don't think they'll abuse that tool, or even use it much.) But I'm
> still unconvinced that requiring them to do so serves any useful purpose.

The NRPM contains enough vague language that we've demonstrated can be
applied unevenly. I don't think adding more is productive.

> So I'm fine with "If an organization fails to respond within thirty (30)
> days, ARIN may cease providing reverse DNS services to that organization."
> But I would strike "If progress of resource returns or record corrections
> has not occurred within sixty (60) days after ARIN initiated contact, ARIN
> shall cease providing reverse DNS services for the resources in question."

Experience with ARIN Section 12 audit seems to be limited in this
thread at least for an extra-large amount of address space, pardon me
if I'm wrong. These audit policies don't only apply to the small
networks and the complexity, time and cost involved vary greatly along
the lines of size. If this were something more reasonable, the time
frame could be more along the lines of at least 120 days.
Still, ARIN already has all of the necessary "tools" to do their job
including their lawyers. A breach of the RSA is a legal issue, not a
technical one.
Best,
-M<